On Sat, 2004-07-03 at 05:15, Stirling Westrup wrote: > I understand most of the log messages I see from Shorewall, but I keep > getting a bunch of this form: > > Dec 31 19:00:00 creaky Shorewall:all2all:REJECT: IN= OUT=eth1 MAC= > SRC=192.168.1.254 DST=192.168.1.17 LEN=241 TOS=00 PREC=0x00 TTL=64 ID=10067 > PROTO=ICMP TYPE=5 CODE=1 GATEWAY=192.168.1.17 > > My question is about the GATEWAY field. It doesn't show up in any of my other > shorewall logs, and I couldn't find any docs on it. (YOU try googling for > 'gateway'!)
this is an ICMP redirect send from your firewall to .17 beeing blocked in your firewall rules. google for icmp type 5 code 1 icmp redirect is a method of remotely updating host's routing table to avoid sending redundant data on the segment, this is good or bad depending on your point of view :) http://www.qorbit.net/documents/icmp-redirects-are-bad.htm code=1 means it's a host error redirect. that means that the error is for a spesific host. gateway is what gateway is the best route for the spesific host/net (host in this case) basicaly your firewall tells .17 that the data it's trying to send should be sent to .17 instead. Now why .17 sends it to default gw in the first place i don't know, maybe .17 have 2 interfaces and lacks a route or maybe .17 don't have a loopback ? (insert other wild guess here) more info: http://www.networksorcery.com/enp/protocol/icmp/msg5.htm -- Ronny Aasen <[EMAIL PROTECTED]> ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
